分享
 
 
 

POSTFIX下的反垃圾反病毒邮件系统

王朝other·作者佚名  2008-05-18
窄屏简体版  字體: |||超大  

POSTFIX下的反垃圾反病毒邮件系统

--------------------------------------------------------------------------------

使用版本为

hawk# uname -a

FreeBSD hawk.the9.com 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC i386

1.分区:

1G /

1G swap

3G /var 邮件存储在这里所以设置比较大

1G /tmp

1G /home

3G /usr

剩下 /data

2.用户

添加cnhawk用户,口令另行约定,cnhawk用户需加入wheel组,root口令另行约定

3. packages安装

选择最小化安装

选中

在custom选项里选中

compat3x

compat4x

man

ports

4.rc.conf

设定:

sendmail_enable="NONE"

5. 安装mysql

A.可以在ports中安装

Cd /usr/ports/databases/mysql323-server

Make install

安装的mysql的版本是mysql-3.23.58

B.以下是手动安装mysql-3.23.55

1)添加mysql用户组及mysql用户

hawk# pw groupadd mysql

hawk# pw useradd mysql -g mysql -s /nonexistent

2)配置安装

hawk# tar zxvf mysql-3.23.55.tar.gz

hawk# cd mysql-3.23.55

hawk# ./configure --prefix=/usr/local/mysql --with-low-memory --with-charset=gb2312 --without-debug

hawk# make

hawk# make install

hawk# scripts/mysql_install_db

hawk# chown -R root /usr/local/mysql

hawk# chown -R mysql /usr/local/mysql/var

hawk# chgrp -R mysql /usr/local/mysql

hawk# cp support-files/my-medium.cnf /etc/my.cnf

hawk# ln -s /usr/local/mysql/bin/safe_mysqld /usr/local/bin/safe_mysqld

hawk# ln -s /usr/local/mysql/bin/mysqladmin /usr/local/bin/mysqladmin

hawk# ln -s /usr/local/mysql/bin/mysql /usr/local/bin/mysql

hawk# ln -s /usr/local/mysql/lib/mysql /usr/local/lib/mysql

3)编辑用户数据库

以下是建库的语句

use mysql;

#======================postfix==================================

INSERT INTO user (host,user,password) VALUES('localhost','postfix','');

update user set password=password('hawk') where User='postfix';

FLUSH PRIVILEGES;

GRANT ALL ON mail.* TO postfix@localhost IDENTIFIED BY "hawk";

#======================courier==================================

INSERT INTO user (host,user,password) VALUES ('localhost','courier','');

update user set password=password('hawk') where User='courier';

FLUSH PRIVILEGES;

GRANT select,insert,update on mail.* TO courier;

#=======================MAIL.SQL=================================

#Create mail database

CREATE DATABASE mail;

use mail;

#Create the aliases table

CREATE TABLE aliases (

alias varchar(255) NOT NULL default '',

rcpt varchar(255) default NULL,

PRIMARY KEY (alias)

) TYPE=MyISAM;

#Create the transport table

CREATE TABLE transport (

domain char(128) NOT NULL default '',

transport char(128) NOT NULL default '',

UNIQUE KEY domain (domain)

) TYPE=MyISAM;

#Create thevirtua_users table

CREATE TABLE virtual_users (

unique_id int(32) unsigned NOT NULL auto_increment,

id char(128) NOT NULL default '',

password char(128) default NULL,

uid int(10) unsigned default '2003',

gid int(10) unsigned default '2003',

home char(255) default NULL,

maildir char(255) default NULL,

date_add date default NULL,

time_add time default NULL,

domain char(128) default NULL,

name char(255) default NULL,

imapok tinyint(3) unsigned default '1',

quota char(255) default '10485760',

PRIMARY KEY (id),

KEY unique_id (unique_id)

) TYPE=MyISAM;

#Create address table //该部分是为使用igenus而增加的。

CREATE TABLE address (

id int(32) unsigned NOT NULL auto_increment,

unique_id int(32) NOT NULL default '0',

name char(255) NOT NULL default ' ',

email char(255) NOT NULL default ' ',

PRIMARY KEY (id),

key unique_id (unique_id)

) TYPE=MyISAM;

#==========================================================

4)设置自启:

hawk# edit /usr/local/etc/rc.d/mysqld.sh

示例:mysqld.sh

#!/bin/sh

case "$1" in

start)

if [ -x /usr/local/mysql/bin/safe_mysqld ]; then

/usr/local/mysql/bin/safe_mysqld --user=mysql & > /dev/null && echo -n ' mysqld'

fi

;;

stop)

/usr/bin/killall mysqld > /dev/null 2>&1 && echo -n ' mysqld'

;;

*)

echo ""

echo "Usage: `basename $0` { start | stop }"

echo ""

exit 64

;;

esac

hawk# chmod 755 /usr/local/etc/rc.d/mysqld.sh

6.安装cyrus-sasl

1)安装cyrus-sasl-2.1.12

hawk# tar -zxvf cyrus-sasl-2.1.12.tar.gz

hawk# cd cyrus-sasl-2.1.12

hawk# ./configure --disable-sample --disable-pwcheck --disable-cram --disable-digest --disable-krb4 --disable-gssapi --disable-anon --with-saslauthd=/var/run/saslauthd --enable-plain --enable-login

hawk# make

hawk# make install

hawk# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2

2)配置sasl的lib库

hawk# edit /etc/defaults/rc.conf

(在ldconfig_paths="/usr/loca/lib后面加上/usr/local/lib/sasl2")

hawk# shutdown -r now(使其生效)

3)运行saslauthd(如果使用pam直接认证,则该步骤可以省略)

示例saslauthd.sh

#!/bin/sh

case "$1" in

start)

if [ -x /usr/local/sbin/saslauthd ]; then

/usr/local/sbin/saslauthd -a pam > /dev/null && echo -n ' saslauthd'

fi

;;

stop)

/usr/bin/killall saslauthd > /dev/null 2>&1 && echo -n ' saslauthd'

;;

*)

echo ""

echo "Usage: `basename $0` { start | stop }"

echo ""

exit 64

;;

Esac

hawk# mkdir /var/run/saslauthd

hawk# edit /usr/local/etc/rc.d/saslauthd.sh

hawk# chmod 755 /usr/local/etc/rc.d/saslauthd.sh

4)准备postfix认证的配置文件

A)使用pam直接认证:

hawk# echo pwcheck_method: pam > /usr/local/lib/sasl2/smtpd.conf

B)使用saslauthd调用pam认证:

hawk# echo pwcheck_method: saslauthd > /usr/lib/sasl2/smtpd.conf

7. 安装 pam_mysql

安装 pam_mysql-0.5 (由于采用源码安装编译不能通过,故使用freebsd4.9 ports安装)

1)安装

hawk# pkg_add –r gmake (pam_mysql需要gmake)

hawk# cd /usr/ports/security/pam-mysql/

hawk# cp /usr/local/lib/pam_mysql.so /usr/lib/

2)配置pam.conf调用mysql支持sasl认证

hawk# edit /etc/pam.conf(将pop3 和imap的前面加上#)添加下列代码:

smtp auth sufficient pam_mysql.so user=postfix passwd=hawk host=localhost db=mail table=virtual_users usercolumn=id passwdcolumn=password crypt=1

smtp account required pam_mysql.so user=postfix passwd=hawk host=localhost db=mail table=virtual_users usercolumn=id passwdcolumn=password crypt=1

(注:密码使用crypt加密,如果使用明文密码cyrpt=0,如果使用password()加密crypt=2)

8.安装postfix

1)停止sendmail

hawk# mv /usr/bin/newaliases /usr/bin/newaliases.OFF

hawk# mv /usr/bin/mailq /usr/bin/mailq.OFF

hawk# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF

hawk# mv /etc/rc.sendmail /etc/sendmail.OFF

hawk# edit /etc/rc.conf(在sendmail="YES"前面添加# )

2)添加postfix用户

hawk# pw groupadd postfix -g 2003

hawk# pw groupadd postdrop -g 2004

hawk# pw useradd postfix -u 2003 -g 2003 -d /dev/null -s /nologin

3)安装

安装postfix-2.0.10.tar.gz

hawk# tar zxvf postfix-2.0.10.tar.gz

hawk# cd postfix-2.0.10

如果你的mysql是源码编译请用下面这个命令

hawk# make -f Makefile.init makefiles 'CCARGS=-DUSE_SASL_AUTH -DHAS_MYSQL -I/usr/local/mysql/include/mysql -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/lib/ -L/usr/local/mysql/lib/mysql -lmysqlclient -lsasl2 -lz -lm'

如果你的mysql是ports安装的请用下面这个命令

hawk# make -f Makefile.init makefiles 'CCARGS=-DUSE_SASL_AUTH -DHAS_MYSQL -I/usr/local/include/mysql -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/lib/ -L/usr/local/lib/mysql -lmysqlclient -lsasl2 -lz -lm'

hawk# make

hawk# make install(第一次安装使用此命令,安装过程中如果提示错误则在提示选择tmp的时候使用/tmp)

hawk# make upgrade(升级老版本使用此命令)

4)配置

hawk# echo ‘postfix: root’ >> /etc/aliases

hawk# /usr/bin/newaliases

(注:如果提示postfix无法打开opiekeys文件则执行:#hawk chown postfix:postfix /etc/opiekeys)

A)编辑修改/etc/posftix/main.cf 示例:main.cf

#======= BASE ==============

myhostname = hawk.the9.com

mydomain = the9.com

home_mailbox=Maildir/

mydestination = $myhostname, $mydomain, $transport_maps

local_recipient_maps = 为空

mailbox_command= /usr/lib/courier-imap/bin/deliverquota -w 90 ~/Maildir

#======= MYSQL =============

transport_maps = mysql:/etc/postfix/transport.cf

virtual_gid_maps = mysql:/etc/postfix/gids.cf

virtual_mailbox_base = /var/mail

virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual.cf

virtual_maps = mysql:/etc/postfix/mysql.aliases.cf

virtual_uid_maps = mysql:/etc/postfix/uids.cf

#======= Quota ============

message_size_limit = 2097152 //限制每次发邮件的大小 2MB

virtual_mailbox_limit_inbox = no

virtual_mailbox_limit_maps = mysql:/etc/postfix/mailboxsize-mysql.cf

virtual_mailbox_limit_override = yes

virtual_maildir_extended = yes

virtual_create_maildirsize = yes

virtual_mailbox_limit = 10485760 //总邮箱的大小 10MB

#====== SASL ================

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destinatio reject

#smtpd_sasl_local_domain = $mydomain

smtpd_client_restrictions = permit_sasl_authenticated

B)确认/etc/postfix/master.cf的配置有如下内容

virtual unix - n n - - virtual

C)编辑/etc/posftix/transport.cf

示例:transport.cf

user = postfix

password = hawk

dbname = mail

table = transport

select_field = transport

where_field = domain

hosts = localhost

D)编辑/etc/postfix/gids.cf

示例:gids.cf

user = postfix

password= hawk

dbname = mail

table = virtual_users

select_field = gid

where_field = id

hosts = localhost

E)编辑/etc/postfix/uids.cf

示例:uids.cf

user = postfix

password= hawk

dbname = mail

table = virtual_users

select_field = uid

where_field = id

hosts = localhost

F)编辑/etc/posftix/mysql_virtual.cf

示例:mysql_virtual.cf

user = postfix

password= hawk

dbname = mail

table = virtual_users

select_field = maildir

where_field = id

hosts = localhost

G)编辑/etc/postfix/mysql.aliases.cf 示例:mysql.aliases.cf

user = postfix

password= hawk

dbname = mail

table = aliases

select_field = rcpt

where_field = alias

hosts = localhost

H)编辑/etc/postfix/mailboxsize-mysql.cf 示例:mailboxsize-mysql.cf

user = postfix

password = hawk

dbname = mail

table = virtual_users

select_field = quota

where_field = id

hosts = localhost

5)设置自启动

hawk# edit /usr/local/etc/rc.d/postfix-server.sh

示例:postfix-server.sh

#!/bin/sh

case "$1" in

start)

if [ -x /usr/sbin/postfix ]; then

/usr/sbin/postfix start && echo -n ' postfix'

fi

;;

stop)

/usr/sbin/postfix stop && echo -n ' postfix'

;;

*)

echo ""

echo "Usage: `basename $0` { start | stop }"

echo ""

exit 64

;;

esac

hawk# chmod 755 /usr/local/etc/rc.d/postfix-server.sh

9.安装expect.tar.gz(need tcl)

hawk# pkg_add tcl-8.3.5_2.tgz

hawk# tar zxvf expect-5.38.tar.gz

hawk# cd expect-5.38

hawk# ./configure --enable-threads --with-tcl=/usr/local/lib/tcl8.3 --with-tclinclude=/usr/local/include/tcl8.3

hawk# make

hawk# make install

10.安装Courier-imap-1.7.1(need gmake、expect)

1、安装

hawk# pkg_add -r gmake 远程安装包

hawk# pw useradd cnhawk -g wheel(the software MUST run the configure script as normal user, not root)

hawk$ bunzip2 courier-imap-1.7.1.tar.bz2

hawk$ tar xvf courier-imap-1.7.1.tar

hawk$ cd courier-imap-1.7.1

如果你的mysql是源码编译请用下面这个命令

hawk$ ./configure --without-ipv6 --enable-unicode --enable-workarounds-for-imap-client-bugs --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql

如果你的mysql是ports安装请用下面这个命令

Hawk$./configure --without-ipv6 --enable-unicode --enable-workarounds-for-imap-client-bugs --with-mysql-libs=/usr/local/lib/mysql --with-mysql-includes=/usr/local/include/mysql

hawk$ gmake

hawk# su root

hawk# gmake install

hawk# gmake install-configure

2)配置

编辑修改/usr/lib/courier-imap/etc/authmysqlrc 示例:authmysqlrc

##VERSION: $Id: authmysqlrc,v 1.10 2002/04/02 23:41:41 mrsam Exp $

#

# Copyright 2000 Double Precision, Inc. See COPYING for

# distribution information.

#

# Do not alter lines that begin with ##, they are used when upgrading

# this configuration.

#

# authmysqlrc created from authmysqlrc.dist by sysconftool

#

# DO NOT INSTALL THIS FILE with world read permissions. This file

# might contain the MySQL admin password!

#

# Each line in this file must follow the following format:

#

# field[spaces|tabs]value

#

# That is, the name of the field, followed by spaces or tabs, followed by

# field value. Trailing spaces are prohibited.

##NAME: LOCATION:0

#

# The server name, userid, and password used to log in.

MYSQL_SERVER localhost

MYSQL_USERNAME courier

MYSQL_PASSWORD hawk

##NAME: MYSQL_SOCKET:0

#

# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the

# filesystem pipe used for the connection

#

MYSQL_SOCKET /tmp/mysql.sock

##NAME: MYSQL_PORT:0

#

# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to

# connect to.

MYSQL_PORT 3306

##NAME: MYSQL_OPT:0

#

# Leave MYSQL_OPT as 0, unless you know what you're doing.

MYSQL_OPT 0

##NAME: MYSQL_DATABASE:0

#

# The name of the MySQL database we will open:

MYSQL_DATABASE mail

##NAME: MYSQL_USER_TABLE:0

#

# The name of the table containing your user data. See README.authmysqlrc

# for the required fields in this table.

MYSQL_USER_TABLE virtual_users

##NAME: MYSQL_CRYPT_PWFIELD:0

#

# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both

# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext

# passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow

# CRAM-MD5 authentication to be implemented.

MYSQL_CRYPT_PWFIELD password

##NAME: MYSQL_CLEAR_PWFIELD:0

#

#

# MYSQL_CLEAR_PWFIELD clear

##NAME: MYSQL_DEFAULT_DOMAIN:0

#

# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',

# we will look up 'user@DEFAULT_DOMAIN' instead.

#

#

# DEFAULT_DOMAIN example.com

##NAME: MYSQL_UID_FIELD:0

#

# Other fields in the mysql table:

#

# MYSQL_UID_FIELD - contains the numerical userid of the account

#

MYSQL_UID_FIELD uid

##NAME: MYSQL_GID_FIELD:0

#

# Numerical groupid of the account

MYSQL_GID_FIELD gid

##NAME: MYSQL_LOGIN_FIELD:0

#

# The login id, default is id. Basically the query is:

#

# SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'

#

MYSQL_LOGIN_FIELD id

##NAME: MYSQL_HOME_FIELD:0

#

MYSQL_HOME_FIELD home

##NAME: MYSQL_NAME_FIELD:0

#

# The user's name (optional)

MYSQL_NAME_FIELD name

##NAME: MYSQL_MAILDIR_FIELD:0

#

# This is an optional field, and can be used to specify an arbitrary

# location of the maildir for the account, which normally defaults to

# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).

#

# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this

# out.

#

MYSQL_MAILDIR_FIELD maildir

##NAME: MYSQL_QUOTA_FIELD:0

#

# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally

# specify a maildir quota. See README.maildirquota for more information

#

MYSQL_QUOTA_FIELD quota

##NAME: MYSQL_WHERE_CLAUSE:0

#

# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary

# fixed string that is appended to the WHERE clause of our query

#

MYSQL_WHERE_CLAUSE imapok=1

##NAME: MYSQL_SELECT_CLAUSE:0

#

# (EXPERIMENTAL)

# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database,

# which is structuraly different from proposed. The fixed string will

# be used to do a SELECT operation on database, which should return fields

# in order specified bellow:

#

# username, cryptpw, uid, gid, clearpw, home, maildir, quota, fullname

#

# Enabling this option causes ignorance of any other field-related

# options, excluding default domain.

#

# There are two variables, which you can use. Substitution will be made

# for them, so you can put entered username (local part) and domain name

# in the right place of your query. These variables are:

# $(local_part) and $(domain)

#

# If a $(domain) is empty (not given by the remote user) the default domain

# name is used in its place.

#

# This example is a little bit modified adaptation of vmail-sql

# database scheme:

#

# MYSQL_SELECT_CLAUSE SELECT popbox.local_part, # CONCAT('{MD5}', popbox.password_hash), # popbox.clearpw, # domain.uid, # domain.gid, # CONCAT(domain.path, '/', popbox.mbox_name), # '', # domain.quota, # '', # FROM popbox, domain # WHERE popbox.local_part = '$(local_part)' # AND popbox.domain_name = '$(domain)' # AND popbox.domain_name = domain.domain_name

#

##NAME: MYSQL_CHPASS_CLAUSE:0

#

# (EXPERIMENTAL)

# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database,

# which is structuraly different from proposed. The fixed string will

# be used to do an UPDATE operation on database. In other words, it is

# used, when changing password.

#

# There are four variables, which you can use. Substitution will be made

# for them, so you can put entered username (local part) and domain name

# in the right place of your query. There variables are:

# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)

#

# If a $(domain) is empty (not given by the remote user) the default domain

# name is used in its place.

# $(newpass) contains plain password

# $(newpass_crypt) contains its crypted form

#

# MYSQL_CHPASS_CLAUSE UPDATE popbox # SET clearpw='$(newpass)', # password_hash='$(newpass_crypt)' # WHERE local_part='$(local_part)' # AND domain_name='$(domain)'

#

编辑修改/usr/lib/courier-imap/etc/authdaemonrc

version="authdaemond.mysql"

3)设置自启动

hawk# cd /usr/local/etc/rc.d

hawk# ln -s /usr/lib/courier-imap/libexec/imapd.rc imapd.sh

hawk# ln -s /usr/lib/courier-imap/libexec/pop3d.rc pop3d.sh

hawk# chmod 755 imapd.sh

hawk# chmod 755 pop3d.sh

现在开始测试:

1)设置用户:

hawk# mysql

mysql> use mail;

在数据库里你可以看到

mysql> show tables;

+----------------+

| Tables_in_mail |

+----------------+

| aliases |

| transport |

| virtual_users |

+----------------+

mysql> desc aliases;

+-------+--------------+------+-----+---------+-------+

| Field | Type | Null | Key | Default | Extra |

+-------+--------------+------+-----+---------+-------+

| alias | varchar(255) | | PRI | | |

| rcpt | varchar(255) | YES | | NULL | |

+-------+--------------+------+-----+---------+-------+

mysql> insert aliases values('postmaster@the9.com','cnhawk@the9.com');

mysql> insert aliases values('postmaster@freebsd.net','cnhawk@freebsd.net');

mysql> select * from aliases;

+--------------------------+--------------------+

| alias | rcpt |

+--------------------------+--------------------+

| postmaster@the9.com | cnhawk@the9.com |

| postmaster@freebsd.net | cnhawk@freebse.net |

+--------------------------+--------------------+

mysql> desc transport;

+-----------+-----------+------+-----+---------+-------+

| Field | Type | Null | Key | Default | Extra |

+-----------+-----------+------+-----+---------+-------+

| domain | char(128) | | PRI | | |

| transport | char(128) | | | | |

+-----------+-----------+------+-----+---------+-------+

mysql> insert transport values('the9.com','virtual:');

mysql> insert transport values('freebsd.net','virtual:');

mysql> select * from transport;

+---------------+-----------+

| domain | transport |

+---------------+-----------+

| nankai.edu.cn | virtual: |

| freebsd.net | virtual: |

+---------------+-----------+

mysql> desc virtual_users;

+-----------+---------------------+------+-----+----------+----------------+

| Field | Type | Null | Key | Default | Extra |

+-----------+---------------------+------+-----+----------+----------------+

| unique_id | int(32) unsigned | | MUL | NULL | auto_increment |

| id | char(128) | | PRI | | |

| password | char(128) | YES | | NULL | |

| uid | int(10) unsigned | YES | | 104 | |

| gid | int(10) unsigned | YES | | 104 | |

| home | char(255) | YES | | NULL | |

| maildir | char(255) | YES | | NULL | |

| date_add | date | YES | | NULL | |

| time_add | time | YES | | NULL | |

| domain | char(128) | YES | | NULL | |

| name | char(255) | YES | | NULL | |

| imapok | tinyint(3) unsigned | YES | | 1 | |

| quota | char(255) | YES | | 10485760 | |

+-----------+---------------------+------+-----+----------+----------------+

mysql> INSERT INTO virtual_users

mysql> (id,home,password,maildir,date_add,time_add,domain,name)

mysql> VALUES ('cnhawk@the9.com','/var/mail/',encrypt('cnhawk'),

mysql> 'the9.com/cnhawk/Maildir/','2003-04-23','01:18:24','the9.com','cnhawk');

mysql> INSERT INTO virtual_users

mysql> (id,home,password,maildir,date_add,time_add,domain,name)

mysql> VALUES ('hawk@freebsd.net','/var/mail/',encrypt('hawk'),

mysql> 'freebsd.net/hawk/Maildir/','2003-04-23','01:18:24','freebsd.net','hawk');

mysql> quit

2)设置用户的目录与权限:

hawk# mkdir -p /var/mail/the9.com/cnhawk

hawk# mkdir -p /var/mail/freebsd.net/hawk

hawk# cd /usr/lib/courier-imap/bin

hawk# ./maildirmake /var/mail/the9.com/cnhawk/Maildir

hawk# ./maildirmake /var/mail/freebsd.net/hawk/Maildir

hawk# chmod -R 700 /var/mail/the9.com/

hawk# chmod -R 700 /var/mail/freebsd.net/

hawk# chown -R postfix:postfix /var/mail/the9.com

hawk# chown -R postfix:postfix /var/mail/freebsd.net

至此用户设置完毕,这里仅仅使用两个虚拟域,同理可以设置若干个虚拟域,如:mail.com

3)用户登录测试:

hawk# telnet 127.0.0.1 110

Trying 0.0.0.0...

Connected to 0.

Escape character is '^]'.

+OK Hello there.

user cnhawk@the9.com

+OK Password required.

pass cnhawk

+OK logged in. (OK,pop 登录成功)

quit

+OK Bye-bye.

Connection closed by foreign host.

也可以使用任何其它的邮件客户端程序来测试,如foxmail、Outlook Express等等。

然后安装webmail

安装igenus

1.安装:

hawk # cd /usr/ports/www/apache2

hawk # make install

hawk# cd /usr/ports/www/mod_php4

hawk# make install

hawk# cd /var/mail

hawk# tar zxvf igenus_docn.tar.gz

hawk# edit /usr/local/apache/conf/httpd.conf

2.配置:

1)Group nobody、User nobody

修改为: Group postfix、User postfix

2)DocumentRoot "/usr/local/apache/htdocs"

修改为:DocumentRoot "/var/mail/webmail"

3) 查找 AddDefaultCharset ISO-8859-1

改为AddDefaultCharset GB2312 #中文支持

添加AddType application/x-httpd-php .php #php支持

4)修改config_inc.php文件

$CFG_BASEPATH = "/var/mail/webmail";

$CFG_MYSQL_HOST = 'localhost';

$CFG_MYSQL_USER = 'postfix';

$CFG_MYSQL_PASS = 'hawk';(同以上密码,均可以自己修改)

$CFG_MYSQL_DB = 'mail';

5) 编辑/usr/local/etc/php.ini,修改:

Cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini

register_globals = On

3.使用:

最后在浏览器的URL中输入:

http://IP 因为没有DNS 有了DNS就好了 可以直接定位域名

1. 修改/etc/php.ini

max_execution_time = 30 #改为60 (增加处理脚本的时间限制)

memory_limit = 8M #改为40M (这样才能发10M的附件)

post_max_size = 2M #改为10M

upload_max_filesize = 2M #改为10M

2. 修改/etc/httpd/conf.d/php.conf

<Files *.php>

SetOutputFilter PHP

SetInputFilter PHP

LimitRequestBody 524288 #把524288改为10485760

</Files>

这里的 LimitRequestBody 524288 限定了上传附件的上限为512k, 将其改为10M

3. 修改/etc/postfix/main.cf, 添加如下语句:

message_size_limit = 14336000

postfix的默认值是10M, 但这指的是邮件正文和编码后附件的总和, 经过base64编码,附件的大小会增加35%左右, 因此这里设定可接受邮件的大小为14M

可以使用如下命令查看postfix的有关设定:

/usr/sbin/postconf | grep size

4. 重起apache和postfix.

反垃圾邮件 反病毒邮件部分

1.安装McAfee uvscan

BSD上的最新的版本是vbsd424e,虽然是试用但是可以升级也没有功能限制。

最新病毒库的版本是dat-4306.tar = b4af8aa33b670d15cc43ebf6f4967498

如何你的ports中的病毒库不是最新的版本 可以修改ports中的文件 可以去www.nai.com上面直接下载

安装McAfee AntiVirus

hawk# cd /usr/ports/security/vscan

hawk# make install clean

2.AMaViS的安装

AMaViS是uvscan和postfix之间的一个桥梁,完成邮件解码,交给uvscan查毒,然后再处理,转发操作。

2.1在ports中安装

我这里的版本号是amavisd-new-20030616

hawk# cd /usr/ports/security/amavisd-new/

# make install clean

hawk# cd /usr/local/etc

hawk# cp amavisd.conf-dist amavisd.conf

hawk# chown vscan amavisd.conf

hawk# chmod 750 amavisd.conf

hawk# chown vscan /usr/local/sbin/amavisd

hawk# chmod 750 /usr/local/sbin/amavisd

修改 amavisd.conf

$mydomain = 'the9.com'; (修改成你自己的)

$TEMPBASE = "/tmp";

$forward_method = 'smtp:127.0.0.1:10025';

$notify_method = $forward_method;

以下的可以根据你的服务器情况设定

$virus_admin = "vscan\@$mydomain"

$mailfrom_notify_admin = "vscan\@$mydomain";

$mailfrom_notify_recip = "vscan\@$mydomain";

$mailfrom_notify_spamadmin = "vscan\@$mydomain";

# $QUARANTINEDIR = '/var/virusmails';

2.2修改postfix

在 /etc/postfix/master.cf 中

smtp inet n - n - - smtpd

改为如下:

smtp-amavis unix - - n - 2 smtp

-o smtp_data_done_timeout=1200

-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd

-o content_filter=

注意 关于127.0.0.1:10025 的 content_filter 为空白,是因为在 postfix 的 main.cf 中,先前已有定义 content_filter 的话,可能会造成在本地邮件不停的转寄给自己,要是有这样的情况发生,postfix 的日志中会出现以下信息「Error: too many hops 」。

测试

hawk# /usr/local/sbin/postfix stop

hawk# /usr/local/sbin/postfix start

hawk# su - vscan

hawk# /usr/local/sbin/amavisd debug

启动另一个终端:

hawk# telnet 127.0.0.1 10024

Trying 127.0.0.1...

Connected to localhost.the9.com.

Escape character is '^]'.

220 [127.0.0.1] ESMTP amavisd-new service ready

MAIL FROM:<cnhawk@the9.com>

250 2.1.0 Sender cnhawk@the9.com OK

RCPT TO:<cnhawk@the9.com>

250 2.1.5 Recipient cnhawk@the9.com OK

DATA

354 End data with <CR><LF>.<CR><LF>

Subject: Test 2

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

.

250 2.5.0 Ok, id=00116-02, BOUNCE <-- 出现这个表示系统已经认出这个邮件中含有 Virus

QUIT

2.3安装配置 Spamassassin

在最新的AMaVisd-new已经结合了Spamassassin功能,所以只要用 ports安装了 AMaVisd-ne,那 Spamassassin 也已经安装好了。

Port: amavisd-new-20030616.p5

Path: /usr/ports/security/amavisd-new

Info: Performance-enhanced daemonized version of amavis-perl

Maint: blaz@si.FreeBSD.org

Index: security

B-deps:

R-deps: arc-5.21e.8_1 freeze-2.5_1 lha-1.14i_1 lzo-1.08_1 lzop-1.01 p5-Archive-Tar-1.05 p5-Archive-Zip-1.06 p5-Authen-SASL-2.04 p5-Compress-Zlib-1.22 p5-Convert-TNEF-0.17 p5-Convert-UUlib-0.213 p5-Digest-HMAC-1.01 p5-Digest-MD5-2.27 p5-Digest-Nilsimsa-0.06 p5-Digest-SHA1-2.04 p5-File-Spec-0.82 p5-HTML-Parser-3.31 p5-HTML-Tagset-3.03 p5-IO-1.20 p5-IO-stringy-2.108 p5-MIME-Base64-2.20 p5-MIME-Tools-5.411a_2 p5-Mail-SpamAssassin-2.55 p5-Mail-Tools-1.58 p5-Net-1.16,1 p5-Net-DNS-0.40 p5-Net-Server-0.85 p5-PodParser-1.24 p5-Test-Harness-2.28 p5-Test-Simple-0.47_1 p5-Time-HiRes-1.50,1 p5-URI-1.25 p5-Unix-Syslog-0.100 razor-agents-2.36 unarj-2.43_1 unrar-3.20,2 zoo-2.10.1

如果服务器不需要 Spamassassin 的功能那这个步骤可以取消。

添加需要的用户

hawk# pw useradd spam -c "Spam Bayes Learner" -d /var/empty -s /sbin/nologin

hawk# pw useradd notspam -c "Not Spam Bayes Learner" -d /var/empty -s /sbin/nologin

修改 /usr/local/etc/mail/spamassassin/local.cf

use_bayes 1

bayes_path /var/amavis/.spamassassin/bayes

auto_learn 1

auto_learn_threshold_nonspam -2

auto_learn_threshold_spam 15

修改 /usr/local/etc/amavisd.conf

$max_servers = 2;

$max_requests = 10;

$child_timeout=5*60;

@bypass_virus_checks_acl = qw( . );

@local_domains_acl = ( ".$mydomain" );

$final_spam_destiny = D_PASS;

read_hash(\%whitelist_sender, '/var/amavis/whitelist');

read_hash(\%blacklist_sender, '/var/amavis/blacklist');

read_hash(\%spam_lovers, '/var/amavis/spam_lovers');

# SpamAssassin settings

#$sa_local_tests_only = 1;

$sa_auto_whitelist = 1;

$sa_mail_body_size_limit = 64*1024;

$sa_tag_level_deflt = 4.0;

$sa_tag2_level_deflt = 6.3;

$sa_kill_level_deflt = $sa_tag2_level_deflt;

$sa_spam_subject_tag = '***SPAM*** ';

建立所需要的文件

hawk# touch /var/amavis/whitelist

hawk# touch /var/amavis/blacklist

hawk# touch /var/amavis/spam_lovers

hawk# chown vscan /var/amavis/whitelist

hawk# chown vscan /var/amavis/blacklist

hawk# chown vscan /var/amavis/spam_lovers

hawk# echo spam@the9.com >> /var/amavis/spam_lovers

hawk# echo notspam@the9.com >> /var/amavis/spam_lovers

修改/usr/local/etc/postfix/main.cf

添加

content_filter = smtp-amavis:[127.0.0.1]:10024

建立自动学习体系

Bayesian Learning Script

hawk# vi /usr/local/sbin/my-sa-learn.sh

#!/bin/sh

if [ -e /var/mail/spam ]; then

/usr/local/bin/sa-learn --spam -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/spam

rm /var/mail/spam > /dev/null

fi

if [ -e /var/mail/notspam ]; then

/usr/local/bin/sa-learn --ham -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/notspam

rm /var/mail/notspam > /dev/null

fi

建立Bayes学习知识库:

hawk# /usr/bin/sa-learn --rebuild -p /var/amavis/.spamassassin/user_prefs

这样就可以自动学习了

hawk# chmod 700 /usr/local/sbin/my-sa-learn.sh

hawk# crontab -e

5 0 * * * /usr/local/sbin/my-sa-learn.sh

下面重新启动服务让设置生效

hawk# /usr/local/etc/rc.d/postfix.sh stop

hawk# /usr/local/etc/rc.d/postfix.sh start

hawk# /usr/local/etc/rc.d/amavisd.sh stop

hawk# /usr/local/etc/rc.d/amavisd.sh start

要是使用 Spamassassin 的 spamd,也需要重新启动。

启动 AMaVisd 时,确认是否有找到反病毒软件

hawk# cat /var/log/maillog |grep NAI

Dec 1 03:37:07 hawk amavis[112]: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan

Dec 1 15:36:00 hawk amavis[110]: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan

Dec 1 16:14:28 hawk amavis[110]: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan

要是有这样的信息说明已经找到杀毒软件

病毒更新脚本

需要wget支持

先安装wget

hawk# pkg_add –r wget

安装完毕

hawk# vi /usr/local/libexec/uvscan/update-dat.sh

添加下面的内容

#!/bin/sh

#

# update-dat.sh

#

cd /usr/local/libexec/uvscan/

wget -q -O readme.txt http://download.nai.com/products/datfiles/4.x/nai/readme.txt >/dev/null

AVVER=`head -11 readme.txt | grep '4[0-9][0-9][0-9]' | head -1 | sed -e 's/^.*\(4[0-9]*\).*$/\1/'`

if [ ! -f dat-$AVVER.tar ]; then

for i in *.tar ; do

mv $i $i.old

done

if wget http://download.nai.com/products/datfiles/4.x/nai/dat-$AVVER.tar >/dev/null ; then

for i in *.dat ; do

cp -p $i $i.bak

done

if tar xf dat-$AVVER.tar ; then

rm -f *.old

echo `date` Successfully updated AntiVirus DAT files to $AVVER

fi

fi

fi

然后放入crontab 定时自动运行就可以自动更新病毒文件了。

草草写好

感谢CHINAUNIX的朋友帮忙

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有